summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2008-11-20 16:57:44 +0100
committerMichael Adam <obnox@samba.org>2008-11-21 23:32:29 +0100
commitfa60e4e97d7e1f208b6a8e8a363ec3c96e40b2d8 (patch)
treef8838693ef5b47052c2c853bf53d53abf40a61c9
parent97fb05c2c0d0b08f3ed5aa7358a4d6d8c1725012 (diff)
downloadsamba-fa60e4e97d7e1f208b6a8e8a363ec3c96e40b2d8.tar.gz
samba-fa60e4e97d7e1f208b6a8e8a363ec3c96e40b2d8.tar.bz2
samba-fa60e4e97d7e1f208b6a8e8a363ec3c96e40b2d8.zip
s3-winbindd_ads: prevent negative GM/ cache entries due to broken connections
The ads lookup_groupmem() function calls lda_lookupsids to resolve sids to names. This is tried only once. So in case the connection was broken, e.g. closed by the server (without a reset packet), there will be an empty GM/ cache entry for the requested group which will prevent proper working of access checks among other checks for the expiry period. This patch works around this problem by retrying once if the lsa_lookupsids call fails, re-establishing the dc-connection, as we already do in many other places (e.g. the winbindd retry methods for the rpc layer). Michael
-rw-r--r--source3/winbindd/winbindd_ads.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 18cc1cbd03..94a24278eb 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1081,6 +1081,29 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
&names_nocache,
&name_types_nocache);
+ if (!(NT_STATUS_IS_OK(status) ||
+ NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)))
+ {
+ DEBUG(1, ("lsa_lookupsids call failed with %s "
+ "- retrying...\n", nt_errstr(status)));
+
+ status = cm_connect_lsa(domain, tmp_ctx, &cli,
+ &lsa_policy);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = rpccli_lsa_lookup_sids(cli, tmp_ctx,
+ &lsa_policy,
+ num_nocache,
+ sid_mem_nocache,
+ &domains_nocache,
+ &names_nocache,
+ &name_types_nocache);
+ }
+
if (NT_STATUS_IS_OK(status) ||
NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED))
{